From 19aba5345aca660f3349cfb0d565fa0143e5bb28 Mon Sep 17 00:00:00 2001
From: Craeckie <5006444+Craeckie@users.noreply.github.com>
Date: Sun, 9 Jun 2024 20:27:49 +0000
Subject: [PATCH] added CSRF_TRUSTED_ORIGINS (#183)

Since some recent upgrade, I'm not able to login to the admin page of etesync (`/admin/login/`), because the CSRF check fails. After adding `CSRF_TRUSTED_ORIGINS = ['https://my-domain.com']`, it works. According to the [docs](https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins), this setting is required in addition to `ALLOWED_HOSTS`.
---
 etebase_server/settings.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/etebase_server/settings.py b/etebase_server/settings.py
index 887ec4e..f6c726d 100644
--- a/etebase_server/settings.py
+++ b/etebase_server/settings.py
@@ -164,6 +164,8 @@ if any(os.path.isfile(x) for x in config_locations):
 if "allowed_hosts" in config:
 ALLOWED_HOSTS = [y for x, y in config.items("allowed_hosts")]
+ CSRF_TRUSTED_ORIGINS = ["https://" + y for x, y in config.items("allowed_hosts")] + \
+ ["http://" + y for x, y in config.items("allowed_hosts")]
 if "database" in config:
 DATABASES = {"default": {x.upper(): y for x, y in config.items("database")}}
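Review bot: The added `CSRF_TRUSTED_ORIGINS` assignment trusts an `http://` origin for every entry in `allowed_hosts`, so a server reached over HTTPS will also accept unsafe requests whose Origin is the plaintext variant of the same host. That weakens the protection Django's CSRF check gives secure requests against content injected on an unencrypted connection. I would default to HTTPS only, `CSRF_TRUSTED_ORIGINS = ["https://" + y for x, y in config.items("allowed_hosts")]`, and let plain-HTTP deployments opt in through a separate config option. Entries such as `*` or `.example.com` are valid for `ALLOWED_HOSTS` but probably do not become usable origin patterns when a scheme is simply prepended (Django expects the `https://*.example.com` form), so they likely need translating or skipping. The enclosing `if any(...)` block starts outside this hunk, so how `config` is loaded is not visible here.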